WordPress Website Security Protection: BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. One-click .htaccess WordPress security protection. Protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. Security Logging. HTTP Error Logging. One-click Website Maintenance Mode (HTTP 503). Additional website security checks: DB errors off, file and folder permissions check... System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload... Built-in .htaccess file editing, uploading and downloading.

Why is .htaccess Website Security So Much Better Than Any Other Type of Website Security?

The answer is very simple - .htaccess files (distributed configuration files) are processed first before any other code on your website. In other words, hackers malicious scripts are stopped by BulletProof Security .htaccess files before those scripts even have a chance to reach the php coding in WordPress. BulletProof Security uses .htaccess website security files, which are specific to Apache Linux Servers. Please read the FAQ page for Server compatibility questions.

BulletProof Security Fast and Simple with No Manual Configuration Required

The BulletProof Security WordPress Security plugin is designed to be a fast, simple and one click security plugin to add .htaccess website security protection for your WordPress website. Activate .htaccess website security and .htaccess website under maintenance modes from within your WordPress Dashboard - no FTP required. The BulletProof Security WordPress plugin is a one click security solution that creates, copies, renames, moves or writes to the provided BulletProof Security .htaccess master files. BulletProof Security protects both your Root website folder and wp-admin folder with .htaccess website security protection, as well as providing additional website security protection.

BulletProof Security allows you to add .htaccess website security protection from within the WordPress Dashboard so that you do not have to access your website via FTP or your Web Host Control Panel in order to add website security protection for your WordPress site. BulletProof Security Modes: Root .htaccess security protection, wp-admin .htaccess security protection, Deny All .htaccess self protection, WordPress default .htaccess mode and .htaccess Maintenance Mode (503 Website Under Maintenance). In BulletProof Security Mode your WordPress website is protected from XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts.

BulletProof Security Maintenance Mode

BulletProof Security Maintenance Mode allows you to create your custom website under maintenance page within BulletProof Security and activate Maintenance Mode to put your website in maintenance mode. Maintenance Mode allows website developers or website owners to access and work on a website while a 503 Website Under Maintenance page is displayed to all other visitors to the website. Allow access to your WordPress Dashboard for only yourself or add additional IP addresses to allow mulitple IP addresses access to your WP Dashboard while in maintenance mode.

BulletProof Security Additional Website Security Protection

WordPress is already very secure, but every website, no matter what type of platform it is built on should have additional website security measures in place as a standard. BulletProof Security provides that additional website security protection that every website should have.

Translations

• Lithuanian by Vincent G from Host1Free.com
• Filipino/Tagalog by pointen.dk
• Russian by EyeFinity
• If you would like to translate the BPS plugin to your language see this BPS Plugin Language Translation Tutorial. Please include a link to your website so that we can add it here. Thank you.
• Tip: If you use the Google Chrome Browser you can right mouse click in plugin pages and then click on Translate to... To translate plugin text into your Language.

BulletProof Security Features

• One-click .htaccess website security protection from within the WP Dashboard
• .htaccess security protection against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts
• .htaccess file backup and restore
• .htaccess Lock / Unlock (404 Read-Only)
• .htaccess AutoLock On or Off
• Security / HTTP Error Logging - Log 400, 403 and 404 Errors
• Security Log: Add / Remove User Agents/Bots to Ignore/Not Log or Allow/Log
• Security Log: Turn On / Turn Off / Delete Log
• Automatic .htaccess file updating on upgrade installation
• New .htaccess security filters automatically added during upgrade
• No need to reactivate BulletProof Modes when upgrading
• WP Dashboard Alerts - Root and wp-admin .htaccess file checks
• Anti Comment Spam .htaccess code - works together with Akismet or other Spam plugins to keep Comment Spam at a minimum
• Anti Comment Spambot .htaccess code - Forbid Empty Referrer Spambots
• TimThumb Vulnerability/Exploit .htaccess coding
• Built-in File Editing, File Downloading and File Uploading
• Custom Code feature that permanently saves and writes your personal custom .htaccess code
• WordPress readme.html and /wp-admin/install.php protected with .htaccess security protection
• wp-config.php and bb-config.php files protected with .htaccess security protection
• php.ini and php5.ini files protected with .htaccess security protection
• WordPress database errors turned off - Verification and function insurance
• WordPress version is not displayed / not shown - WordPress version is removed
• WP Generator Meta Tag filtered - not displayed / not shown
• WP DB default admin username / account check
• System Info: PHP, MySQL, OS, Server, Memory Usage, IP, SAPI, DNS, Max Upload, Zend Engine Version, Zend Guard/Optimizer, ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, cURL, Memcache and Memcached
• Security Status Page - Displays website security status information
• File and Folder Permission Checking - CGI / DSO SAPI check / display
• Help & FAQ page - links to BPS Guide and other detailed Help & Info pages
• Extensive Read Me! jQuery Dialog Help buttons throughout the BulletProof Security plugin pages
• Backup and Restore existing .htaccess files
• Backup and Restore customized / modified .htaccess files
• Add to, Edit, Modify the provided BulletProof Security .htaccess Master files
• Create your own .htaccess Master files or code and use BulletProof Security as an .htaccess file manager
• Website Developer Maintenance Mode (503 website open to Developer / Site Owner ONLY)
• Log in / out of your website while in Maintenance Mode
• Customizable 503 Website Under Maintenance page
• HUD Success / Error message display
• i18n Language Translation coding

Author	AITpro | Edward Alexander Profile
Contributors	AITpro
Tags	503, attack, base64, block, blocked, bulletproof, chmod, code, CRLF, CSRF, encode, error log, hack, hackers, htaccess, HTTP log, injection, logging, maintenance, permissions, plugin, prevent, prevention, privacy, private, protection, rfi, script, secure, security, security log, SQL Injection, vulnerability, website security, wordpress security, xss

1. 

   BulletProof Security - Security Modes page

2. 

   BulletProof Security - Security Status page

3. 

   BulletProof Security - System Info page

4. 

   BulletProof Security - Edit/Upload/Download page

1. Install, activate plugin, click AutoMagic buttons and Activate BulletProof Modes.
2. Download Installation:
3. Download the bulletproof-security.zip file to your computer and unzip it.
4. Upload the bulletproof-security folder (including all files within) to your /wp-content/plugins folder.
5. Activate plugin, click AutoMagic buttons and Activate BulletProof Modes.
6. Enjoy!

.48.3

• jQuery Code changes for the new jQuery version in WordPress 3.6
• Enjoy!

.48.2

• Bug fix: Turn On/Off Error logging pattern match correction to include all possible scenarios
• Bug fix: ErrorDocument 401 default added/removed on Turn Error Logging On/Off
• Enjoy!

.48.1

• Security Log - Add / Remove User Agents/Bots to Ignore/Not Log or Allow/Log
• New htaccess code - ErrorDocument 401 default
• General Coding Improvements & Enhancements
• Enjoy!

.48

• facebook externalhit_uatext.php script/error log fix
• 400, 403 and 404 Error Logging templates modified
• General Coding Improvements & Enhancements
• Enjoy!

.47.9

• Security Logging / HTTP Error Logging On / Off buttons added
• Turn Security Logging / HTTP Error Logging On or Off on the Security Log page
• Russian Translation by EyeFinity
• General Coding Improvements & Enhancements
• Enjoy!

.47.8

• Security Logging / HTTP Error Logging - Log 400, 403 and 404 Errors
• Security Logging / HTTP Error Logging Dashboard Alert - log file size
• IMPORTANT: NEW root .htacess file code automatically created/modified on upgrade
• Additional System Info Check Added: cURL Extension
• General Coding Improvements & Enhancements
• Enjoy!

.47.7

• IMPORTANT UPDATE: .htaccess FILE UPDATE FOR WordPress 3.5
• 3.5 BUG FIX: visual and text editor display blank boxes
• Problem: Square Bracket filters are blocking the visual and text editor
• Solution: Square Brackets are automatically removed from .htaccess files/filters on upgrade to .47.7
• Enjoy!

.47.6

• BPS Master htaccess Folder Deny All .htaccess security protection automated
• BPS Backup Folder Deny All .htaccess security protection automated
• Turn On AutoLock / Turn Off AutoLock options/buttons added
• General Coding Improvements & Enhancements
• Visual Improvements/Enhancements
• Enjoy!

.47.5

• General Coding Improvements & Enhancements:
• WordPress 3.5 pre-release coding added
• Visual Improvements/Enhancements
• jQuery coding Improvements/Enhancements
• .htaccess code Additions and Improvements
• Anti-Comment Spam .htaccess coding added
• DNS Host Name Check for htaccess file auto-lock
• Screenshot image files moved to the assets folder to reduce plugin size = speedier upgrades
• Enjoy!

.47.4

• Improved and Extended Automatic htaccess File Upgrading
• No need to reactivate BulletProof Modes when upgrading
• Automatic updating from .46.9 to the current version of BPS
• Additional System Info Checks Added:
• Zend Engine Version, Zend Guard/Optimizer, ionCube Loader, Suhosin, APC, eAccelerator, XCache, Varnish, Memcache and Memcached
• System Info Checks: check if extensions are installed, loaded, enabled or disabled
• Additional Memory Limit Checks: WordPress Admin Memory Limit, WordPress Base Memory Limit and PHP Actual Configuration Memory Limit
• Enjoy!

.47.3

• .47.2 Automatic .htaccess file updating on upgrade installation added
• No need to reactivate BulletProof Modes when upgrading
• .47.2 New htaccess security filter added automatically during upgrade
• .47.3 New htaccess security filter added automatically during upgrade
• .47.3 Deny All protection automatically activated for BPS Master /htaccess folder
• WP Dashboard Alerts - Root and wp-admin htaccess file checks
• Enjoy!

.47.2

• Automatic .htaccess file updating on upgrade installation
• No need to reactivate BulletProof Modes when upgrading
• New htaccess security filter added automatically during upgrade
• WP Dashboard Alerts - Root and wp-admin htaccess file checks
• Lithuanian Language Translation by Vincent G from Host1Free.com
• Enjoy!

.47.1

• A very minor coding mistake - A superglobal did not have html entities escaped
• No reported problems or issues
• Sincere thanks to SiNA Rabbani for discovering this coding mistake
• Sincere thanks to Jon and Mark from WordPress.org as well for assistance

.47

• View the Whats New page in BPS for the latest changes to BPS
• No changes have been made to either the Root or wp-admin .htaccess files
• i18n Language Translation Coding Added
• Language Translation Tutorial link added to the Whats New page in BPS
• Coding improvements / enhancements
• Enjoy!

.46.9

• Significant changes to both the Root and wp-admin .htaccess files Create new Master .htaccess files with AutoMagic and activate all BulletProof Modes.
• NEW Custom Code feature added to BPS
• Coding improvements / enhancements
• Enjoy!

.46.8

• New TimThumb .htaccess code allows internal image requests but Forbids RFI hacking attempts
• BPS is no longer Forbidding TimThumb thumbnailer scripts by default
• DNS Name Server check on System Info page
• Coding improvements / enhancements
• WP Rating and Download Stats added to BPS
• CSS nick nacks
• Enjoy!

.46.7

• New jQuery Dialog Read Me Help buttons have been created to replace the old Hover ToolTips
• WP_CONTENT_DIR replaces ABSPATH path for sites that have moved wp-content to another location
• .htaccess Return Carriage filter modified
• .htaccess Slash-Jack filter modified
• Several new pop up confirm messages have been added throughout BPS for forms that perform critical operations
• Several new SAPI types have been added to CGI and DSO checking
• AutoMagic for Network / Multisite sub domain sites is no longer writing the wp-admin forbid coding
• Link to Sucuri Malware Website Scanner added
• BPS is Forbidding Thumbnailer Scripts by Default
• To enable Thumbnailer Scritps see root .htaccess file
• Enjoy!

.46.6

• Cookie filter removed from BPS QUERY STRING EXPLOITS
• Explicit "exec" and "execute" filter removed from BPS QUERY STRING EXPLOITS
• non-GPL Javascript Countdown Timer removed
• BPS is Forbidding Thumbnailer Scripts by Default
• To enable Thumbnailer Scritps see root .htaccess file
• Enjoy!

.46.5

• Massive amount of new security filters
• Complete restructuring of how .htaccess Rewriting is processed to work with WP
• Network / Multisite AutoMagic buttons added
• Network / Multisite code added for Super Admins - display BPS menus to Super Admins only
• New System Info information added
• File permission checking and recommendations for CGI or DSO - SAPI detection
• File Lock / Unlock buttons - Read Only root .htaccess - CGI / DSO SAPI detection
• Help info updated
• Updated Whats New
• Lots of other stuff
• Enjoy!

.46.4

• Network / Multisite detect with additional help info
• chmod 0644 added to copy function for default, secure and wp-admin htaccess files
• Fixed CSS display issues for WP versions 3.2+
• Replaced PP donate link with BPS Pro Upgrade link
• Replaced BPS Pro Modules page with BPS Pro Features page
• Security Status print output instead of var_dump
• Help info updated
• Other CSS changes
• Updated Whats New

.46.3

• BPS Security Top Level Menu added
• Whats New page was added - Read the new Whats New page for details about the latest changes to BPS
• BPS Master htaccess file changes
• Maintenance Mode page changes - Form settings saved to the WP DB
• HUD, W3TC and WPSC - Heads Up Display checks / messages changes / additions
• wp-admin htaccess file removal added
• My Notes page was added

.46.2

• Additional new .htaccess security coding and modifications added to the BPS master .htaccess files
• New plugin conflict permanent fixes added to the secure.htaccess Master file
• BulletProof Security is now fully AutoMagic and still offers full manual control

.46.1

• Additional new .htaccess coding and modifications added to the BPS master .htaccess files
• New plugin conflict permanent fixes added to the secure.htaccess Master file
• Maintenance Mode is AutoMagic - Completed the Maintenance Mode page ...finally
• Create the Maintenance Mode Under Maintenance page from within the Dashboard
• Preview your Website Under Maintenance page from within the Dashboard
• New System Information Displayed - WordPress Installation Folder, WordPress Installation Type and
• WP Permalink Structure Checks and displayed info
• Heads Up Display (HUD) created
• Improved Error and Warning messages
• Major Core code improvements
• nick nack core code fixes and improvements
• New Help and FAQ links - new help pages created on AIT-pro

.46

• New File Uploader code written - no longer using Uploadify code
• New File Downloader code written - no longer using Zubrag code
• File Uploader is AutoMagic - no setup required
• File Downloader is one-click - no setup required
• Major overhaul of the core BPS coding
• !!! Special Thanks to Jon Cave!!!
• for finding a CSRF security vulnerability in BPS .45.9
• that has now been eliminated in BPS .46 with new coding
• And also excellent coding advice to improve BPS even more
• and making the entire WordPress Community a safer and better place
• New permanent plugin conflict fixes added to master .htaccess files

.45.9

• !!!Critical Update!!!
• Security Patch Release

.45.8

• Permanent Backup and Restore options added - permanent online backup and restore
• Permanent Backup and Restore for all .htaccess files
• Permanent Backup and Restore for File Uploader and File Downloader setup settings
• Additional new .htaccess coding and modifications added to the BPS master .htaccess files
• New plugin conflict permanent fixes added to the secure.htaccess Master file
• WordPress readme.html and /wp-admin/install.php are now protected by BulletProof Security
• Improved Success / Error messaging - more detailed success / error messages displayed
• New Help and FAQ links added - New detailed Help and Info pages created

.45.7

• Additional .htaccess coding filters added to the BPS master .htaccess files
• File Editor added - Edit the BPS .htaccess files from within the WP Dashboard
• File Uploader added - Upload files from within the WP Dashboard
• File Downloader added - Download files from within the WP Dashboard
• Deny All BulletProof Security Modes added for the /htaccess folder and /backup folder
• Nick Nacks, etc.

.45.6

• !!!CRITICAL UPDATE!!!
• New SQL Injection hacking method blocked - New code added to master .htaccess files
• This update protects against this latest new SQL Injection hacking method
• Installing BPS does not activate the new BPS .45.6 .htaccess files
• After installation please activate the BPS .45.6 BulletProof modes
• Please download your current htaccess files first before activating BPS .45.6 Security Modes

.45.5

• The SVN DB problem for BPS was fixed by some awesome person at WP!
• WP ROCKS!!! BPS .45.5 will install successfully now. ;)
• Bug fixes: W3 Total Cache, Simple Facebook Connect, Ozh' Admin Drop Down Menu, ComicPress
• Permanent coding fixes incorporated into master htaccess files to replace workarounds
• Additional mission critical PHP Info checks added
• Php.ini and php5.ini files are now protected by BulletProof Security
• Updated BPS help files - AITpro.com site help files pending
• nick nacks here and there

.45.4

• SVN DB Corruption - unable to use this version - will not download - will not install
• Bug fixes: W3 Total Cache, Simple Facebook Connect, Ozh' Admin Drop Down Menu, ComicPress
• Permanent coding fixes incorporated into master htaccess files to replace workarounds
• Additional mission critical PHP Info checks added
• Php.ini and php5.ini files are now protected by BulletProof Security
• Updated BPS help files - AITpro.com site help files pending
• nick nacks here and there

.45.3

• More Query String Exploit Filters added to BPS Master .htaccess files
• Options -Indexes added to BPS Master .htaccess files at user requests
• Added IP address display to maintenance mode javascript countdown timer display
• No need to click Update Permalinks anymore for Maintenance Mode - RewriteRule override added

.45.2

• New Apache Directives for PHP5 added to the .htaccess master files
• Maintenance mode master .htaccess code modified - RewriteCond to load new background png
• Maintenance Mode log in / log out issue fixed - Log in / out of your Dashboard in Maintenance Mode
• Website Under Maintenance coding modifcations and visual design enhancements
• Background Graphic for Website Under Maintenance page created and added in the installation
• Minor cosmetic nicks nacks fixed here and there
• Help files and hover tool tips help info updated
• Tested on WordPress 3.1-alpha - no issues or problems

.45.1

• Bug fix for version check of BPS .htaccess master file
• Bug fix for wp-config.php check based on BPS .htaccess version
• Fix - BPS plugin uninstall issue fixed
• Fix - BPS Widget configuration issue fixed
• Completely recoded with WordPress 3.0 coding enhancements and improvements
• Completely new sophisticated visual design and look
• jQuery UI Tabbed Menu with CSS Hover Menu Buttons - see screenshot
• New Messaging Display System added
• ,htaccess code added to master files to .htaccess protect wp-config.php
• WordPress DB error on / off checking and verification status display
• WordPress version is not displayed - remove_action('wp_head', 'wp_generator');
• WP generator meta tag removed - remove_action('wp_head', 'wp_generator');
• Administrator username “admin” check
• System information page displays PHP, MySQL, Server Info, etc. - see screenshot
• Security Status page added - see screenshot
• Help & FAQ page added
• BPS Pro Modules page added - BPS Pro Modules are installed separately
• New BPS .45.1 Guide created @ AIT-pro.com

.45

• Completely recoded with WordPress 3.0 coding enhancements and improvements
• Completely new sophisticated visual design and look
• jQuery UI Tabbed Menu with CSS Hover Menu Buttons - see screenshot
• New Messaging Display System added
• ,htaccess code added to master files to .htaccess protect wp-config.php
• WordPress DB error on / off checking and verification status display
• WordPress version is not displayed - remove_action('wp_head', 'wp_generator');
• WP generator meta tag removed - remove_action('wp_head', 'wp_generator');
• Administrator username “admin” check
• System information page displays PHP, MySQL, Server Info, etc. - see screenshot
• Security Status page added - see screenshot
• Help & FAQ page added
• BPS Pro Modules page added - BPS Pro Modules are installed separately
• New BPS .45.1 Guide created @ AIT-pro.com

.44.1

• If you are upgrading from .44 to .44.1 download the /htaccess folder first
• before upgrading and upload it back to the back to the BulletProof plugin folder
• after you have upgraded to .44.1.
• Added Backup form function - backs up users original existing htaccess files
• Added Restore form function - restores users original existing htaccess files
• Backup folder added for backed up original htaccess files
• Removed links from all ToolTips except for the top Read Me! hover ToolTip

.44

• First version release of BulletProof Security
• Extensive Read Me! help hover ToolTips added to the BulletProof plugin page
• Visual and coding Enhancements made to the BulletProof Maintenance page
• Function check_perm redeclare conflict fixed

How does the BulletProof Security Plugin work?

The BulletProof Security Plugin allows you to instantly create and activate .htaccess website security with one click (ok maybe a few clicks) for your website without having to know anything about .htaccess files. The Master .htaccess files are pre-made and BPS writes .htaccess code that is customized for your website. There is nothing to figure out or to configure. Click the AutoMagic buttons (creates customized Master .htaccess files) and Activate BulletProof Modes (copies the customized Master .htaccess files to your root and wp-admin folders). BPS has built-in Backup and Restore and an .htaccess File Editor for full manual editing control as well. BulletProof Website Security fast and simple. Enjoy!

Do I need to understand .htaccess code in order to use the BulletProof Security Plugin?

No, The .htaccess file creation is automated in BulletProof Security. Everything is automatically done for you. You do not need to know or understand anything about .htaccess website security files in order to use the BulletProof Security plugin. Extensive help information can be found in the Blue Read Me help buttons in BPS.

What do I do if I cannot log back into my website?

If you accidentally activated BulletProof Modes without first clicking the AutoMagic buttons or if you put your website in Maintenance Mode and your IP address has been changed by your ISP and you cannot log back into your website then you will need to use FTP or your Web Host Control Panel File Manager and delete the .htaccess file that BPS created in your website root folder. BPS website security is done purely with .htaccess website security and nothing else is modified on your website. So simply deleting the .htaccess file in your website root folder removes BPS website security and will allow you to log back in, use the AutoMagic buttons and activate BulletProof Mode again to protect your website again.

Will BulletProof Security cause my website to run slower?

No, BulletProof Security will not cause a website to run slower. BulletProof Security is website performance optimized and uses very little/low website resources and very little Server memory. If you would like to check your plugins to check how much website resource and Server memory each of your plugins is using install the P3 (Plugin Performance Profiler) plugin.

When I upgraded/updated BulletProof Security I saw an Alert. What does the Alert mean?

When upgrading/updating the BulletProof Security plugin you will see this WP Dashboard Alert. BPS Alert! Your site does not appear to be protected by BulletProof Security. As of BulletProof Security .47.2 WP Dashboard Alerts have been added to check your Root and wp-admin .htaccess files to ensure that your website is protected. During the upgrade your .htaccess files will be automatically updated and any new .htaccess security filters will be automatically added to your .htaccess files. In order for BPS to automatically update your htaccess files you will need to stay current with BPS plugin updates and install the latest BPS plugin updates when they are available. Any custom htaccess code or modifications that you have made to your htaccess files will not be altered, modified or changed. Activating BulletProof Modes again after upgrading BPS is no longer necessary.

Where can I find BulletProof Security troubleshooting steps & support?

Please see the BulletProof Security Forum.

BulletProof Security Server Compatibilty - Linux Hosting

• Compatible with Apache CGI configured Servers
• Compatible with Apache DSO configured Servers (May require file/folder permission and/or Ownership changes)
• Compatible with Nginx frontend Server with Apache backend Server
• Compatible with LiteSpeed Servers
• NOT Compatible with Windows IIS Servers - Windows Hosting

BulletProof Security uses .htaccess website security files, which are specific to Apache Linux Servers. BPS is compatible with Apache Linux Servers, LiteSpeed Servers, Nginx Servers (if the Nginx Server is the frontend Server and Apache Linux Server is the backend Server). If you do not know what type of Server you have you can check your Server Type and Operating System on the BPS System Info page.

Will BulletProof Security Work at all on Windows IIS Servers/Windows Hosting?

Yes and No. .htaccess files are only used on Linux based hosting. You can install BulletProof Security if you have a Windows IIS hosted website to use the additional features in BPS, but you cannot Activate BulletProof Modes and use .htaccess files on Windows Hosting. Please see this WordPress Codex Permalinks without mod_rewrite for more information.

Does BulletProof Security Work on Nginx Servers?

If you are using both Apache and Nginx together and Nginx is the frontend webserver and Apache is the backend Server used to process PHP then BulletProof Security will work on this type of combined Server Configuration. If you are only using Nginx then an .htaccess file will not work. Nginx has its own rewrite module - HttpRewriteModule and the mod_rewrite equivalent of an .htaccess file has similar, but different coding and is added to an Nginx Server config file. Note: If you are not familiar with Nginx, then it should be noted that Nginx does not have a PHP module like Apache's mod_php, instead you either need to build PHP with FPM (ie: php-fpm/fastcgi), or you need to pass the request to something that can handle PHP.

Are there any known issues or conflicts with other WordPress Plugins or Themes?

Occasionally issues or conflicts do occur with other plugins, but they are always quickly resolved. BPS is compatible with all other Plugins and Themes. An .htaccess bypass / skip rule is all that is required to allow a plugin or theme to do something that is blocked by BPS. Please check the BulletProof Security Plugin Compatibility Testing and Fixes page for the latest plugin bypass / skip rules.

I am seeing Security Log entries in my BulletProof Security Log. What do they mean?

Your Security Log will log 400, 403 and 404 (requires copying the BPS 404 logging code to your Theme's 404.php Template) Errors. The Security Log logs 400 and 403 HTTP Response Status Codes by default. You can also log 404 HTTP Response Status Codes by opening this BPS 404 Template file - /bulletproof-security/404.php and copying the logging code into your Theme's 404 Template file. When you open the BPS Pro 404.php file you will see simple instructions on how to add the 404 logging code to your Theme's 404 Template file.

HTTP Response Status Codes

• 400 Bad Request - The request could not be understood by the server due to malformed syntax.
• 403 Forbidden - The Server understood the request, but is refusing to fulfill it.
• 404 Not Found - The server has not found anything matching the Request-URI / URL. No indication is given to whether the condition is temporary or permanent.

What is the difference between BulletProof Security free and BulletProof Security Pro?

BulletProof Security

• .htaccess Website Security Protection
• Security Logging
• HTTP Error Logging

BulletProof Security Pro Feature Highlights

• AutoRestore - Automatic File Restore
• Quarantine - Automatic File Quarantine
• Real-time File Monitor (ARQ Infinity)
• Plugin Firewall (true IP Based Firewall)
• Uploads Folder Anti-Exploit Guard
• .htaccess Website Security
• Custom php.ini Website Security
• F-Lock - Read Only File Locking
• Security Logging
• HTTP Error Logging
• PHP Error Logging
• Email Alerts
• Versatile Set of Pro-Tools...
• Base64 Decoder / Encoder...
• View All BulletProof Security Pro Feature Details

Is BulletProof Security Network / Multisite Compatible?

Yes. BulletProof Security contains AutoMagic buttons for Network / Multisite websites. Both sub-directory and sub-domain Master .htaccess code is written / created for your specific Network / Multisite site. BulletProof Modes should ONLY be Activated on the Primary site to automatically protect all sub sites. Sub sites are virtual. DO NOT Activate BulletProof Modes on sub sites. BPS allows only Super Admins to see the BPS menus in sub sites. BulletProof Security also works with Network / Multisite Domain Mapping.

Is BulletProof Security BuddyPress Compatible?

Yes. BulletProof Security works with all BuddyPress site types.

Is BulletProof Security Compatible with subdomain websites and subdirectory websites?

Yes, BulletProof Security works on all types of WordPress installations including "Giving WordPress Its Own Directory" websites.

Is BulletProof Security automatically setup already?

Yes and No. You must be using a WordPress Custom Permalink structure for BPS to work correctly (every WordPress site should be anyway). If you are not using a custom Permalink structure then you will get a warning message that Custom Permalinks need to be enabled when you access the BulletProof Security Options page. BulletProof Security includes AutoMagic Master .htaccess file creation so that only one click is required to automatically create your Master .htaccess security files for your website, which you then Activate - BulletProof Mode. BulletProof Security also offers full manual control of editing the .htaccess files using the built-in File Editor. BulletProof Security is designed with everyone in mind: regular folks, Designers, Developers and Coders. BulletProof Security is designed to work with every type of WordPress installation: Single websites, subfolder websites, subdomain websites, "Giving WordPress its Own Directory" websites, Network / Multisite subdirectory websites and Network / Multisite subdomain websites. BulletProof Security will automatically create the correct Master .htaccess files for your website when you click the AutoMagic buttons. If you prefer to do everything manually then you would edit your .htaccess using the built-in .htaccess File Editor instead of using Automagic to automatically create your .htaccess files.

Can I add my own .htaccess code to the BulletProof Security .htaccess files?

Yes. Of course. The secure.htaccess and wpadmin-secure.htaccess Master .htaccess files already contain .htaccess security code that protects your website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. Add any additional security filters or other .htaccess code to your Master .htaccess files or your currently active .htaccess files using the built-in .htaccess File Editor. The BulletProof Security Master .htaccess files contain help info and additional options within the .htaccess files themselves. htaccess files can do a lot of neat things besides just providing website security protection. As of version .46.9 you can now also add any custom code to the Custom Code feature. Your custom .htaccess code will be saved to your WP DB permanently until you delete it. Please view the Read Me Help button in Custom Code for specific details.

Does the BulletProof Security Plugin create or write the .htaccess files?

Yes, BulletProof Security creates customized .htaccess website security files with AutoMagic. BulletProof Security also offers full manual control of editing both the BPS Master .htaccess files and your currently active .htaccess files using the built-in .htaccess File Editor. The BPS Master .htaccess files have already been pre-made. When you click the AutoMagic buttons your .htaccess Master files are created with specific code for your specific website with the correct RewriteRule and RewriteBase automatically added to your .htaccess files. You can add additional code to the master .htaccess files, edit the .htaccess files or create completely new .htaccess master files from within the WordPress Dashboard using the built-in BPS File Editor - no FTP required - no Web Host Control Panel required. BPS could also just be used simply as an online .htaccess file editor and manager. AutoMagic is great, but having both AutoMagic and full manual editing control makes BulletProof Security a very versatile website security protection tool.

Does BulletProof Security work with Git distributed version control system?

Yes, BulletProof Security works with Git, but does require some additional set up steps. Please see this thread for the setup steps Git distributed version control system setup steps

Help Info

Extensive Help Info can be found on the AIT-pro.com website and within the BulletProof Security pages themselves. Click on the blue Read Me Help buttons to get Help Info about the particular section or page of the BulletProof Security plugin that you are in. The Help and FAQ page contains links to Help pages that will load in a new browser tab so that you are not redirected away from your WordPress Dashboard.

What's New in .48.3

.48.3

• jQuery Code changes for the new jQuery version in WordPress 3.6
• Enjoy!

.48.2

• Bug fix: Turn On/Off Error logging pattern match correction to include all possible scenarios
• Bug fix: ErrorDocument 401 default added/removed on Turn Error Logging On/Off

.48.1

• Security Log page - Add / Remove User Agents/Bots to Ignore/Not Log or Allow/Log: If a particular User Agent/Bot is generating excessive log entries you can add it to Add User Agents/Bots to Ignore/Not Log tool and that User Agent/Bot will no longer be logged. See the Blue Read Me help button on the Security Log page for additional help info. Adding or Removing User Agents/Bots adds or removes User Agents/Bots to your Database and also writes new code to the 403.php Security Logging template. The 403.php Security Logging file is where the check occurs whether or not to log or not log a User Agent/Bot. It would be foolish and costly to website performance to have your WordPress database handle the task/function/burden of checking which User Agents/Bots to log or not log. WordPress database queries are the most resource draining function of a WordPress website. The more database queries that are happening at the same time on your website the slower your website will perform and load. For this reason the Security Logging check is done from code in the 403.php Security Logging file.

• New htaccess code: ErrorDocument 401 default htaccess code is automatically added to the root .htaccess file on BPS upgrade (if your root .htaccess file is writeable). This htaccess code fixes issues with password protected directories generating 404 Error not found errors. If your root .htaccess file is not writeable then you will need to change the root .htaccess file permissions temporarily to allow BPS to automatically update your root .htaccess file and then change the root .htaccess file permissions back to what they were.

• Coding Improvements & Enhancements: Of course, but why not mention it anyway.

• Enjoy!